i've had a quick scour around but am none the wiser what Requested Range Not Satisfiable actually means.
Because the 416.shtml file didn't exists, it generated errors in Apache logs which in turn blocked the IP in CSF.

I'm more than happy to remove the newly created 416.shtml file, if the reason was a malicious client, and continue to block.